Our Cat Herder password management features are outlined in this document.
When setting your Our Cat Herder password you need to choose a new password that meets the password requirements the system has, which are:
- Must be 12 or more characters in length.
- Contain 1 or more special characters (eg: $ % &).
- Contain 1 or more UPPERCASE characters.
- Contain 1 or more digit characters.
Additionally you must also choose a password that does not appear on the https://haveibeenpwned.com list of breached passwords. Exposure of a password in a breach from any website or application makes it unsuitable for ongoing use because accounts using an exposed or breached password are at much greater risk of account take over by malicious actors.
Can portal Administrators set portal users passwords?¶
Portal Administrators do not have the ability to reset a portal members password. Only the individual in question is able manage or reset their own password.
While on facevalue this may seem odd to many Administrators, this has been done specifically to protect your organisation and your users.
Each Our Cat Herder account is able to be attached to multiple portals/organisations, which is quite useful if you sit on more than one board. However it means that if we allowed Administrators to reset the passwords of members of their portal they would (if they were malicious) then be able to access any other portal/organisation that person was attached to on Our Cat Herder (since they would know that users account email and password). For security reasons we have left password management in the hands of the individual rather than portal Administrators.
Only users themselves can control password changes/resets.
This is because each members account can be connected to multiple boards. Therefore allowing portal admins to control passwords of members would mean, theoretically, the admin could use this to gain access to another organisational boards portal (if the member was connected to multiple boards) through reseting a members password.
If one of your members needs to do a password reset simply send them to https://ourcatherder.com/users/forgot
We highly recommend that you encourage your board members to use a password manager such as Dashlane, 1Password or LastPas. You can access these and other password managers, in some cases for free or, for a few dollars per month.
Read more about why you should use a password manager here.
Member did not receive invitation to portal or temporary password/invite has expired¶
If you have invited a board member to your Our Cat Herder portal (added them as a member) but:
a. they did not receive the invite (always ask them to check their spam for the invite as a first step)
b. the invite link or temporary password has expired as the invite was missed.
Then the fastest way to help them access to their account is to request that they initiate a password reset via https://ourcatherder.com/users/forgot
In the case of a. they may also need to add firstname.lastname@example.org to their email whitelist (or request their I.T department or email provider do so) so that messages are being successfully delivered.
Setting up Two Factor Authentication (2FA)¶
Our Cat Herder offers Two Factor Authentication (2FA) for all users for free. We highly recommend you enable 2FA on your account..
You can enable 2FA on your Our Cat Herder account by clicking your name in the top menu and choosing "My Details". At the bottom of the My Details page you will see a button for turning on 2FA on your account. This will open a workflow to guide you through activating 2FA on your account.
Our Cat Herder does not offer 2FA via SMS as this is a less secure form of 2FA.
Our Cat Herder does not yet offer 2FA via a physical key such as YubiKey, but we hope to in the future.
If you have an Admin role on your portal you are able to force 2FA on all your portal members. Before doing this we recommend you let your portal members know you are going to do this as next time they login they will not be able to access any portal on thier account until they have activated 2FA.
Sessions - login, log out, length etc..¶
Users session on Our Cat Herder are 4 hours in length. This session time is regularly reviewed to create a balance between security of your portal and usability.
As the end of a user session approaches you should see a popup asking if you wish to extend your session. This will extend your session another four hours.
Updated: 21 April 2020